277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
Size

186KB
MD5

b0548f54355655069f0732456444b214
SHA1

709f89fbb2385faeb6a196f104bb2ed1c2ff0dbd
SHA256

277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f
SHA512

378f3e5b199ddf9224ce45d471196c7f305774ebd35b8d2c772decbafee5b0468de70c37e1c2ba92059fec877b03ac71b7890c5319d53b58b24aa18c3dfd2fce
SSDEEP

3072:fnyiQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtdQixiw76y:KiQSo1EZGtKgZGtK/CAIuZAIulr

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3437) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000b000000015cff-2.dat	UPX
behavioral1/files/0x0002000000010674-6.dat	UPX
behavioral1/memory/2164-644-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000015cff-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2164-644-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe

C:\Users\Admin\AppData\Local\Temp\277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe
"C:\Users\Admin\AppData\Local\Temp\277df6b7e2b08e4d801692aa6182ecbb56d2e7d5701d4ee455f554f9b606bd5f.exe"
1⤵
- Drops file in Program Files directory
PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
186KB

MD5
b5a732ccce929200b243f72f8b60f54e

SHA1
5d725352e027f1ecb9bcf31dffbdb460e2a0d2cd

SHA256
2658cce28bf9afb889d327fa72f5207aa07117ffb03dab9c658a891825b0e041

SHA512
6da964170ca17a322dbba8e512121e81fc6037e6d36afdc90a80ec6c004f0a5375181cf4b3e1f7869c66e949bde5bf6e9ef6e25cb9a88ad45b6f59cb81e536f6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
195KB

MD5
09e8e11e440fbc2c0a9a22fc656a239b

SHA1
1685a1aaa9a553b6a9aabf84735ae02c909dbef5

SHA256
7b02f167b63ee52859d3fa42e5e94a66f1e230eada84519ae0d8e353be9a0892

SHA512
ed6da8f42156070024bb28592603d0cc73a03ed42b497268de8f48ac870b693c0fdeddb665ce025636aa357e8b9a5833a6c764a2f7e85e556d0c334e7a913817

Download Submit
memory/2164-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2164-644-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download